[tor-bugs] #2385 [Tor Hidden Services]: rendservice.c: cleanup stack stored key material
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Jun 16 02:16:55 UTC 2012
#2385: rendservice.c: cleanup stack stored key material
-----------------------------------+----------------------------------------
Reporter: cypherpunks | Type: defect
Status: new | Priority: normal
Milestone: Tor: 0.2.3.x-final | Component: Tor Hidden Services
Version: | Keywords: audit
Parent: | Points:
Actualpoints: |
-----------------------------------+----------------------------------------
Comment(by andrea):
The following instances of keys and key-derived material on the stack or
heap occur. Whenever on the stack, we must be sure they are zeroed before
the function returns. Whenever on the heap, zero before they are freed.
* rendclient.c:
* rend_client_send_introduction() (line 124)
* Payload contains hashed key on stack
* rend_client_refetch_v2_renddesc() (line 624)
* Descriptor ID on stack
* rend_client_receive_rendezvous() (line 844)
* Descriptor cookie and keys on stack
* rend_parse_service_authorization() (line 1167)
* Descriptor cookie on heap
* rendservice.c:
* rend_service_load_keys() (line 615)
* Keys allocated on the heap
* Descriptor cookies on the stack
* rend_service_introduce() (line 1038)
* Keys, digest, descriptor cookies on stack
* rend_service_intro_has_opened() (line 1562)
* Keys, digest on stack
* rend_service_rendezvous_has_opened()
* Descriptor cookie on stack
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2385#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list